Announcement: Cythera has joined forces with Bastion Security Group. Learn more
02 Nov / 2022
Cyber Security
CVE: CVE-2022-3602 and CVE-2022-3786
What Is Vulnerable?: OpenSSL versions 3.0.0 or later. It is worth noting that SSL v3.0.0 was released in September 2021.
October 26th, the OpenSSL project team announced a critical vulnerability that was found in their widely used TLS and SSL software library. An additional statement from the OpenSSL team on the 1st of November downgraded the vulnerability from critical to high, citing that testing feedback provided by security firms. Estimates from shodan.io, indicate that 16,000 of all websites using OpenSSL are currently using version 3.0.x or later. Currently, there is no known exploitation of these vulnerabilities in the wild. OpenSSL prior to v3.0.x are not vulnerable as the exploit is due to a decoding functionality which was introduced in v3.0.x.
Key Facts
Microsoft Office Remote Code Execution Vulnerability aka Follina
CVE: CVE-2022-30190What Is Vulnerable? Windows Office 2013 and later, including the latest patches for Office 2021What’s Happening?Microsoft O…
Read MoreCommon Unix Printing System (CUPS) - Critical Vulnerability
Common Unix Printing System (CUPS) - Critical VulnerabilityWhat Is VulnerableThe open-source printing system called “Common Unix Printing Syst…
Read MorePartnerships should help build capability
Individuals and companies like to use the term ‘partnership’ when trying to build rapport and relationships. This creates a sense of cooper…
Read More